[ADD] new moduled l10n_fr_certification (abstract / account / pos) #108
Conversation
1 similar comment
|
Hi @legalsylvain , could you aslo precise if there is a strategy for the v10 in your dev? regards |
|
I think it will be necessary to track the modification of con on the POS. As the change of your option could be done by anybody having admin access right, we (odoo integrators) should be able to oppose the fact that somebody else than us made changes on the conf. |
|
Hi @flotho . Thanks for your review.
No, if you set the configuration in the openerp file to a value different to legacy, it will not be possible to change the configuration in the pos config. (SAAS protection). If you provides admin rights to users, he'll have the possibility to disable all protection, by many technical ways. The first one is to uninstall certification modules, but there are a lot of other ways (create server actions, installation new modules to cheat, etc...). And no modules will be able to assure you that admin (software) users / admin (server) users will not hack your apps. Admin has all rights, by design. The spirit of the law is to make responsible software providers only if :
My PR provides mechanism to generate unique hash, based on sequence, previous sale hash, and datas sale and prevent cheating by "private mode in Firefox" by a soft (warning message on a 'uncertified bill') or a hard (prevent printing bill) mecanism. If a user makes alterations of the tools, (changing non trivial configuration, altering code source, etc...) he becomes responsible of the changes, and so the integrators that provided the software is not responsible anymore. The law so protects Open Source integrators.
So, if an admin user disable all security features, he's responsible of that.
Not for the time being. I think that the planning could be :
Did you have time to review more deeply the PR ? kind regards. |
|
Hi @legalsylvain |
|
Hi @flotho. Did you taken time to review ? |
|
Hi @legalsylvain , I'll try to review this before the end of august |
|
@flotho And now ? -;) |
|
Hello @legalsylvain , I have tested your module with the POS, and I share my results and ideas.
I think we should prevent from changing the country if we have an opened pos session because if we continue to use this session, nothing will work correctly regarding to the french law. |
|
Hi @gaelTorrecillas. thanks for the test and review !
I fiexed that with a3e2116
I added a new test. Thanks for the review. CC : @flotho, @robinshakty |
legalsylvain
force-pushed
the
8.0_ADD_l10n_fr_certification_abstract_account_pos
branch
from
a3e2116
to
fd45cad
Compare
|
Hi! |
|
Hi @legalsylvain , Is there any update on this module? Did you test the latest Odoo modules ? |
|
closing this PR because no approval during long time and now V8.0 is now quite obsolete. please review #126 v10.0 to have the same feature based on the official odoo module l10n_fr_pos_cert. regards. |
This PR is a backport for Odoo 8.0 of l10n_fr_certification from Odoo CE 9.0, with a full refactor.
l10n_fr_certification has been splited into two modules :
l10n_fr_certification_abstract that manage hash generation for any object
l10n_fr_certification_account that manage certification for account module.
The PR includes the module l10n_fr_certification_pos that is not covered for the time being by Odoo. See @qdp-odoo remarks here. 9.0 l10n fr inalterability qdp odoo/odoo#16935 (comment) The main objective of this module is to generate hash for Pos.order, print it on the bill, and prevent (optionaly) the print of the bill, if the server is offline, to avoid the use case described by @sebastienbeau here 9.0 l10n fr inalterability qdp odoo/odoo#16935 (comment).
Note : for the time being, there is a major bug in Odoo CE 9.0 (odoo/odoo#17671) that makes possible to changes accounting data without altering the hash computation. For that reason, the algorithm in the function _compute_l10n_fr_string_to_hash is not finished see here. I'm waiting the official fix, because i'd like to keep the same algorithm to generate hash as Odoo Core, to allow user to switch between OCA / 8.0 modules and Odoo / 9.0 (CE / Enterprise) module if they want.
Otherwise, this module is ready for review.
Please see the three readme for a detailled description.
CC : @sebastienbeau, @fclementic2c, @alexis-via.
Todo list
backport list of fields used for certification. (for account.move and pos.order) from 9.0 poscertif lpe odoo/odoo#20581
Think about refactoring about holder, to feat with 9.0 poscertif lpe odoo/odoo#20581 PR. (sequences are unique for a company and a same object). This design is maybe more easy to implement. Waiting until the original PR is accepted.